CVE-2014-3676
shim 0.3-0.8 - Remote Code Execution via Crafted IPv6 Address in TFTP DHCPv6 Boot Option
Title source: llmDescription
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/96988
Exploit, Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/10/13/4
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70409
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1801.html
Scores
EPSS
0.0523
EPSS Percentile
91.6%
Details
CWE
CWE-787
Status
published
Products (1)
redhat/shim
0.3 - 0.8
Published
Oct 22, 2014
Tracked Since
Feb 18, 2026